Orchestrating security and system engineering for evolving systems

Authors:
Fabio Massacci;Fabrice Bouquet;Elizabeta Fourneret;Jan Jurjens;Mass S. Lund;Sébastien Madelénat;JanTobias Muehlberg;Federica Paci;Stéphane Paul;Frank Piessens;Bjornar Solhaug;Sven Wenzel
Affiliations:
Univ. of Trento, IT;Lab. d'Inform. de Franche-Comté, FR;Lab. d'Inform. de Franche-Comté, FR;TU. Dortmund, DE;SINTEF ICT, NO;Thales Research & Tech., FR;Katholieke Univ. Leuven, BE;Univ. of Trento, IT;Thales Research & Tech., FR;Katholieke Univ. Leuven, BE;SINTEF ICT, NO;TU. Dortmund, DE
Venue:
ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
Year:
2011

Citing 23
Cited 0

Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Change Impact Analysis for Requirement Evolution using Use Case Maps

IWPSE '05 Proceedings of the Eighth International Workshop on Principles of Software Evolution
Requirements engineering for trust management: model, methodology, and reasoning

International Journal of Information Security
Computer-aided Support for Secure Tropos

Automated Software Engineering
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
On the secure software development process: CLASP, SDL and Touchpoints compared

Information and Software Technology
Relationship-based change propagation: A case study

MISE '09 Proceedings of the 2009 ICSE Workshop on Modeling in Software Engineering
Early Identification of Problem Interactions: A Tool-Supported Approach

REFSQ '09 Proceedings of the 15th International Working Conference on Requirements Engineering: Foundation for Software Quality
A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Secure Systems Development with UML

Secure Systems Development with UML
Model-Based Argument Analysis for Evolving Security Requirements

SSIRI '10 Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement
Expressive modular fine-grained concurrency specification

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Incremental evaluation of model queries over EMF models

MODELS'10 Proceedings of the 13th international conference on Model driven engineering languages and systems: Part I
A quick tour of the VeriFast program verifier

APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Model-Driven Risk Analysis: The CORAS Approach

Model-Driven Risk Analysis: The CORAS Approach
Selective Test Generation Method for Evolving Critical Systems

ICSTW '11 Proceedings of the 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops
Annotation inference for separation logic based verifiers

FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Incremental security verification for evolving UMLsec models

ECMFA'11 Proceedings of the 7th European conference on Modelling foundations and applications
Dealing with known unknowns: towards a game-theoretic foundation for software requirement evolution

CAiSE'11 Proceedings of the 23rd international conference on Advanced information systems engineering
Risk analysis of changing and evolving systems using CORAS

Foundations of security analysis and design VI
A Load Time Policy Checker for Open Multi-application Smart Cards

POLICY '11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks
Model-Based Security Verification and Testing for Smart-cards

ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security
Change-driven model transformations

Software and Systems Modeling (SoSyM)

Quantified Score

Hi-index	0.00

Visualization

Abstract

How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/ software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.